| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20220630094646.91837-2-haibo.li@mediatek.com>
Date: Thu, 30 Jun 2022 17:46:45 +0800
From: Haibo Li <haibo.li@...iatek.com>
To: Sami Tolvanen <samitolvanen@...gle.com>
CC: <xiaoming.yu@...iatek.com>, Kees Cook <keescook@...omium.org>,
"Nathan Chancellor" <nathan@...nel.org>,
Nick Desaulniers <ndesaulniers@...gle.com>,
Matthias Brugger <matthias.bgg@...il.com>,
Peter Zijlstra <peterz@...radead.org>,
Masami Hiramatsu <mhiramat@...nel.org>,
"Christophe Leroy" <christophe.leroy@...roup.eu>,
André Almeida <andrealmeid@...lia.com>,
Luis Chamberlain <mcgrof@...nel.org>,
Juergen Gross <jgross@...e.com>,
Haibo Li <haibo.li@...iatek.com>,
Tiezhu Yang <yangtiezhu@...ngson.cn>,
Aaron Tomlin <atomlin@...hat.com>,
Dmitry Torokhov <dmitry.torokhov@...il.com>,
<linux-kernel@...r.kernel.org>, <llvm@...ts.linux.dev>,
<linux-arm-kernel@...ts.infradead.org>,
<linux-mediatek@...ts.infradead.org>,
Lecopzer Chen <lecopzer.chen@...iatek.com>
Subject: [PATCH 1/2] ANDROID: cfi: enable sanitize for cfi.c
currenly,cfi.c is excluded from cfi sanitize because of cfi handler.
The side effect is that we can not transfer function pointer to
other files which enable cfi sanitize.
Enable cfi sanitize for cfi.c and bypass cfi check for __cfi_slowpath_diag
Signed-off-by: Haibo Li <haibo.li@...iatek.com>
Signed-off-by: Lecopzer Chen <lecopzer.chen@...iatek.com>
---
kernel/Makefile | 3 ---
kernel/cfi.c | 8 +++++++-
2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/kernel/Makefile b/kernel/Makefile
index a7e1f49ab2b3..a997bef1a200 100644
--- a/kernel/Makefile
+++ b/kernel/Makefile
@@ -40,9 +40,6 @@ KCSAN_SANITIZE_kcov.o := n
UBSAN_SANITIZE_kcov.o := n
CFLAGS_kcov.o := $(call cc-option, -fno-conserve-stack) -fno-stack-protector
-# Don't instrument error handlers
-CFLAGS_REMOVE_cfi.o := $(CC_FLAGS_CFI)
-
obj-y += sched/
obj-y += locking/
obj-y += power/
diff --git a/kernel/cfi.c b/kernel/cfi.c
index 08102d19ec15..456771c8e454 100644
--- a/kernel/cfi.c
+++ b/kernel/cfi.c
@@ -311,7 +311,7 @@ static inline cfi_check_fn find_check_fn(unsigned long ptr)
return fn;
}
-void __cfi_slowpath_diag(uint64_t id, void *ptr, void *diag)
+static inline void __nocfi _run_cfi_check(u64 id, void *ptr, void *diag)
{
cfi_check_fn fn = find_check_fn((unsigned long)ptr);
@@ -320,6 +320,12 @@ void __cfi_slowpath_diag(uint64_t id, void *ptr, void *diag)
else /* Don't allow unchecked modules */
handle_cfi_failure(ptr);
}
+
+void __cfi_slowpath_diag(u64 id, void *ptr, void *diag)
+{
+ /*run cfi check without cfi sanitize to avoid calling cfi handler recursively*/
+ _run_cfi_check(id, ptr, diag);
+}
EXPORT_SYMBOL(__cfi_slowpath_diag);
#else /* !CONFIG_MODULES */
--
2.25.1
Powered by blists - more mailing lists